1854 matches found
[ASA-201701-15] bind: denial of service
Arch Linux Security Advisory ASA-201701-15 ========================================== Severity: High Date : 2017-01-12 CVE-ID : CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 CVE-2016-9778 Package : bind Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-132 Summary ======...
jq: arbitrary code execution
A heap-based buffer overflow has been found in jq when parsing a JSON-encoded number longer than 256 bytes. The NULL-terminator byte was not allocated when the buffer was resized, causing a off-by-one write...
libdwarf: denial of service
A problem has been discovered when the debugabbrev section is marked as NOBITS in the ELF file - in other words as a zero-init section rather than a section with contents in the file. Such a crafted section is leading to a null pointer dereference resulting in denial of service...
mediawiki: multiple issues
CVE-2015-8622: T117899 XSS from wikitext when $wgArticlePath='$1'. Internal review discovered an XSS vector when MediaWiki is configured with a non-standard configuration. - CVE-2015-8624: T119309 User::matchEditToken should use constant-time string comparison. Internal review discovered that...
claws-mail: buffer overflow
A remotely triggerable buffer overflow has been found in the code of claws-mail handling character conversion, in functions convjistoeuc, conveuctojis and convsjistoeuc, in codeconv.c. There was no bounds checking on buffers passed to these functions, some stack-based but other potentially...
drupal: open redirect
The Overlay module in Drupal core displays administrative pages as a layer over the current page using JavaScript, rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect...
wesnoth: information leakage
Wesnoth implements a text preprocessing language that is used in conjunction with its own game scripting language. It also has a built-in Lua interpreter and API. Both the Lua API and the preprocessor make use of the same function filesystem::getwmllocation to resolve file paths so that only...
[ASA-202506-4] go: multiple issues
Arch Linux Security Advisory ASA-202506-4 ========================================= Severity: Medium Date : 2025-06-07 CVE-ID : CVE-2025-4673 CVE-2025-22874 Package : go Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2896 Summary ======= The package go before versio...
[ASA-202505-12] go: directory traversal
Arch Linux Security Advisory ASA-202505-12 ========================================== Severity: Low Date : 2025-05-19 CVE-ID : CVE-2025-22873 Package : go Type : directory traversal Remote : No Link : https://security.archlinux.org/AVG-2878 Summary ======= The package go before version 2:1.24.3-1...
[ASA-202501-1] rsync: multiple issues
Arch Linux Security Advisory ASA-202501-1 ========================================= Severity: Critical Date : 2025-01-14 CVE-ID : CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747 Package : rsync Type : multiple issues Remote : Yes Link :...
[ASA-202004-5] pam-krb5: arbitrary code execution
Arch Linux Security Advisory ASA-202004-5 ========================================= Severity: Medium Date : 2020-04-01 CVE-ID : CVE-2020-10595 Package : pam-krb5 Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1119 Summary ======= The package pam-krb5 before...
[ASA-201906-22] vlc: arbitrary code execution
Arch Linux Security Advisory ASA-201906-22 ========================================== Severity: Critical Date : 2019-06-25 CVE-ID : CVE-2019-5439 CVE-2019-12874 Package : vlc Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-998 Summary ======= The package vlc...
[ASA-201906-8] vim: arbitrary code execution
Arch Linux Security Advisory ASA-201906-8 ========================================= Severity: High Date : 2019-06-11 CVE-ID : CVE-2019-12735 Package : vim Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-975 Summary ======= The package vim before version...
[ASA-201905-7] perl-email-address: denial of service
Arch Linux Security Advisory ASA-201905-7 ========================================= Severity: Low Date : 2019-05-06 CVE-ID : CVE-2018-12558 Package : perl-email-address Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-722 Summary ======= The package perl-email-addre...
[ASA-201811-5] libcurl-compat: arbitrary code execution
Arch Linux Security Advisory ASA-201811-5 ========================================= Severity: High Date : 2018-11-06 CVE-ID : CVE-2018-16840 Package : libcurl-compat Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-800 Summary ======= The package libcurl-comp...
[ASA-201809-4] strongswan: authentication bypass
Arch Linux Security Advisory ASA-201809-4 ========================================= Severity: High Date : 2018-09-24 CVE-ID : CVE-2018-16151 CVE-2018-16152 Package : strongswan Type : authentication bypass Remote : Yes Link : https://security.archlinux.org/AVG-769 Summary ======= The package...
[ASA-201807-16] libextractor: denial of service
Arch Linux Security Advisory ASA-201807-16 ========================================== Severity: Medium Date : 2018-07-26 CVE-ID : CVE-2017-17440 Package : libextractor Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-541 Summary ======= The package libextractor befo...
[ASA-201807-1] gitlab: multiple issues
Arch Linux Security Advisory ASA-201807-1 ========================================= Severity: Medium Date : 2018-07-04 CVE-ID : CVE-2018-3740 CVE-2018-12606 CVE-2018-12607 Package : gitlab Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-726 Summary ======= The packag...
[ASA-201806-12] cantata: multiple issues
Arch Linux Security Advisory ASA-201806-12 ========================================== Severity: High Date : 2018-06-20 CVE-ID : CVE-2018-12559 CVE-2018-12560 CVE-2018-12561 CVE-2018-12562 Package : cantata Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-721 Summary...
[ASA-201805-12] zathura-pdf-mupdf: multiple issues
Arch Linux Security Advisory ASA-201805-12 ========================================== Severity: High Date : 2018-05-16 CVE-ID : CVE-2018-5686 CVE-2018-6187 CVE-2018-6192 CVE-2018-6544 CVE-2018-1000051 Package : zathura-pdf-mupdf Type : multiple issues Remote : Yes Link :...
[ASA-201802-5] sthttpd: arbitrary code execution
Arch Linux Security Advisory ASA-201802-5 ========================================= Severity: High Date : 2018-02-09 CVE-ID : CVE-2017-10671 Package : sthttpd Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-333 Summary ======= The package sthttpd before...
[ASA-201711-16] libextractor: denial of service
Arch Linux Security Advisory ASA-201711-16 ========================================== Severity: Low Date : 2017-11-08 CVE-ID : CVE-2017-15922 Package : libextractor Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-471 Summary ======= The package libextractor before...
[ASA-201711-6] curl: information disclosure
Arch Linux Security Advisory ASA-201711-6 ========================================= Severity: Medium Date : 2017-11-02 CVE-ID : CVE-2017-1000257 Package : curl Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-467 Summary ======= The package curl before version...
[ASA-201710-12] salt: multiple issues
Arch Linux Security Advisory ASA-201710-12 ========================================== Severity: Medium Date : 2017-10-09 CVE-ID : CVE-2017-14695 CVE-2017-14696 Package : salt Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-438 Summary ======= The package salt before...
[ASA-201707-8] tor: session hijacking
Arch Linux Security Advisory ASA-201707-8 ========================================= Severity: Medium Date : 2017-07-11 CVE-ID : CVE-2017-0377 Package : tor Type : session hijacking Remote : Yes Link : https://security.archlinux.org/AVG-336 Summary ======= The package tor before version 0.3.0.9-1 ...
[ASA-201705-23] postgresql: information disclosure
Arch Linux Security Advisory ASA-201705-23 ========================================== Severity: Medium Date : 2017-05-30 CVE-ID : CVE-2017-7484 CVE-2017-7486 Package : postgresql Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-272 Summary ======= The package...
[ASA-201705-19] fop: xml external entity injection
Arch Linux Security Advisory ASA-201705-19 ========================================== Severity: Medium Date : 2017-05-21 CVE-ID : CVE-2017-5661 Package : fop Type : xml external entity injection Remote : Yes Link : https://security.archlinux.org/AVG-254 Summary ======= The package fop before...
[ASA-201705-10] lib32-freetype2: arbitrary code execution
Arch Linux Security Advisory ASA-201705-10 ========================================== Severity: High Date : 2017-05-10 CVE-ID : CVE-2017-8105 CVE-2017-8287 Package : lib32-freetype2 Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-258 Summary ======= The...
[ASA-201703-10] roundcubemail: cross-site scripting
Arch Linux Security Advisory ASA-201703-10 ========================================== Severity: Medium Date : 2017-03-14 CVE-ID : CVE-2017-6820 Package : roundcubemail Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-199 Summary ======= The package roundcubemail...
[ASA-201702-4] gst-plugins-base-libs: multiple issues
Arch Linux Security Advisory ASA-201702-4 ========================================= Severity: Critical Date : 2017-02-03 CVE-ID : CVE-2017-5837 CVE-2017-5839 CVE-2017-5842 CVE-2017-5844 Package : gst-plugins-base-libs Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1...
[ASA-201701-41] salt: multiple issues
Arch Linux Security Advisory ASA-201701-41 ========================================== Severity: High Date : 2017-01-31 CVE-ID : CVE-2017-5192 CVE-2017-5200 Package : salt Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-159 Summary ======= The package salt before...
[ASA-201701-14] irssi: multiple issues
Arch Linux Security Advisory ASA-201701-14 ========================================== Severity: High Date : 2017-01-11 CVE-ID : CVE-2017-5193 CVE-2017-5194 CVE-2017-5195 CVE-2017-5196 Package : irssi Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-127 Summary =======...
[ASA-201610-8] crypto++: information disclosure
Arch Linux Security Advisory ASA-201610-8 ========================================= Severity: Medium Date : 2016-10-12 CVE-ID : CVE-2016-7420 Package : crypto++ Type : information disclosure Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package crypto++ before...
lib32-libgcrypt: information disclosure
Felix Drre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and...
rtmpdump: multiple issues
Several issues have been found in the part of rtmpdump handling RTMP streams by LMX of Qihoo 360 Codesafe Team. These issues include memory leak, integer overflow, type confusion when dealing with AMF strings and objects, and several other parsing issues...
[ASA-202506-1] roundcubemail: arbitrary code execution
Arch Linux Security Advisory ASA-202506-1 ========================================= Severity: Critical Date : 2025-06-04 CVE-ID : CVE-2025-49113 Package : roundcubemail Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2891 Summary ======= The package...
[ASA-202505-9] dropbear: arbitrary command execution
Arch Linux Security Advisory ASA-202505-9 ========================================= Severity: Medium Date : 2025-05-19 CVE-ID : CVE-2025-47203 Package : dropbear Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-2874 Summary ======= The package dropbear...
[ASA-202505-6] nodejs: denial of service
Arch Linux Security Advisory ASA-202505-6 ========================================= Severity: High Date : 2025-05-18 CVE-ID : CVE-2025-23166 Package : nodejs Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2871 Summary ======= The package nodejs before version...
[ASA-201906-5] pam-u2f: information disclosure
Arch Linux Security Advisory ASA-201906-5 ========================================= Severity: Medium Date : 2019-06-07 CVE-ID : CVE-2019-12209 CVE-2019-12210 Package : pam-u2f Type : information disclosure Remote : No Link : https://security.archlinux.org/AVG-973 Summary ======= The package pam-u...
[ASA-201901-7] python2-django: content spoofing
Arch Linux Security Advisory ASA-201901-7 ========================================= Severity: Medium Date : 2019-01-11 CVE-ID : CVE-2019-3498 Package : python2-django Type : content spoofing Remote : Yes Link : https://security.archlinux.org/AVG-838 Summary ======= The package python2-django befo...
[ASA-201901-2] polkit: privilege escalation
Arch Linux Security Advisory ASA-201901-2 ========================================= Severity: High Date : 2019-01-08 CVE-ID : CVE-2018-19788 Package : polkit Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-828 Summary ======= The package polkit before version...
[ASA-201811-16] chromium: information disclosure
Arch Linux Security Advisory ASA-201811-16 ========================================== Severity: Medium Date : 2018-11-20 CVE-ID : CVE-2018-17478 Package : chromium Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-812 Summary ======= The package chromium before...
[ASA-201810-1] mosquitto: denial of service
Arch Linux Security Advisory ASA-201810-1 ========================================= Severity: Medium Date : 2018-10-01 CVE-ID : CVE-2018-12543 Package : mosquitto Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-772 Summary ======= The package mosquitto before versi...
[ASA-201807-9] libcurl-gnutls: arbitrary code execution
Arch Linux Security Advisory ASA-201807-9 ========================================= Severity: High Date : 2018-07-16 CVE-ID : CVE-2018-0500 Package : libcurl-gnutls Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-734 Summary ======= The package libcurl-gnutl...
[ASA-201804-3] zziplib: denial of service
Arch Linux Security Advisory ASA-201804-3 ========================================= Severity: Medium Date : 2018-04-04 CVE-ID : CVE-2018-7725 CVE-2018-7726 CVE-2018-7727 Package : zziplib Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-612 Summary ======= The packa...
[ASA-201711-29] varnish: information disclosure
Arch Linux Security Advisory ASA-201711-29 ========================================== Severity: Medium Date : 2017-11-26 CVE-ID : CVE-2017-8807 Package : varnish Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-502 Summary ======= The package varnish before...
[ASA-201711-17] postgresql: multiple issues
Arch Linux Security Advisory ASA-201711-17 ========================================== Severity: Medium Date : 2017-11-10 CVE-ID : CVE-2017-15098 CVE-2017-15099 Package : postgresql Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-485 Summary ======= The package...
[ASA-201710-3] lib32-curl: multiple issues
Arch Linux Security Advisory ASA-201710-3 ========================================= Severity: Medium Date : 2017-10-05 CVE-ID : CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000254 Package : lib32-curl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-371 Summary =======...
[ASA-201709-21] openvpn: arbitrary code execution
Arch Linux Security Advisory ASA-201709-21 ========================================== Severity: Medium Date : 2017-09-28 CVE-ID : CVE-2017-12166 Package : openvpn Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-420 Summary ======= The package openvpn before...
[ASA-201707-7] libdwarf: denial of service
Arch Linux Security Advisory ASA-201707-7 ========================================= Severity: Low Date : 2017-07-11 CVE-ID : CVE-2017-9998 Package : libdwarf Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-332 Summary ======= The package libdwarf before version...